Secure Access Management for a Secure Operational Network


  1. Charlebois, D.
  2. Henderson, G.
  3. Simmelink, D.
  4. Carruthers, B.
Corporate Authors
Defence R&D Canada - Centre for Security Science, Ottawa ONT (CAN)
SAMSON (Secure Access Management for Secure Operational Networks) is an effort to demonstrate that the integration of access management technologies and protection mechanisms can lead to the hosting of multi-caveated information on a single network. The original intent was to put SECRET Canadian Eyes Only (CEO) information on a SECRET CANUS network and demonstrate that only Canadians with the appropriate clearance could access the CEO information. Within this environment, we also addressed the requirement to protect the information. Finally, this functionality had to be achieved with no impact, or as little as possible, on the use of existing applications. The result is: existing applications are not impacted: we use COTS file servers, MS Exchange email (unmodified), Instant Messaging (unmodified XMPP-based services), and have demonstrated that we can also deal with Google Earth, GCCS and databases; it is an intercept technology that sits on the wire between the end-point (laptop, desktop, etc.) and the service and mediates access to the data assets based on user credentials, data asset security classification and an access policy (i.e. if the user has the appropriate credentials to access the data asset, it is retrieved, decrypted and delivered to the user's appliance). All data assets are encrypted with different symmetric keys (AES [236-1024-2048], configurable based on protection requirements). Each email, file, chat room, etc. has its own key (i.e. if the file store is stolen, each f

There is a French abstract here.

SAMSON (Secure Access Management for Secure Operational Networks);Secure Networks;Secure Access;Information Security
Report Number
DRDC-CSS-TR-2013-037 — Technical Report
Date of publication
01 Dec 2013
Number of Pages
Electronic Document(PDF)
